Small- to medium-sized businesses (SMBs) and startups have limited budgets for business operations such as monitoring, backups, and security. They also tend to iterate on their applications much faster, have fewer compliance requirements, higher risk tolerance, and can manage with “good enough” disaster recovery practices, depending on the type of application. Because they are so focused on building their application, cloud backups can sometimes be overlooked, but backing up important work is a critical need. Here are just a few reasons startups and SMBs should have a comprehensive backup plan in place:
SMBs often optimize on cost by running in a single region, and optimizing their cloud cost, all while increasing velocity. When things go wrong, they should be able to quickly revert back to a previous state.
Running an application and keeping data in a single cloud region can make it impossible to recover if there is a problem with that region. SMBs must have a disaster recovery (DR) plan that accounts for such a situation.
In case of an unforeseen incident, like ransomware affecting an application and data, businesses need to be able to start a fresh copy of the application with all the data from a prior backup.
SMBs should have a simple but robust backup strategy in order to mitigate against the above scenarios, and prevent data loss or disruptions that could put their reputation at risk. The table below shows two example applications with the corresponding backup strategy that businesses may consider building for them. Note how the backup strategy can change depending on the business need.
|Application: A NodeJS E-commerce application running on a Droplet + DigitalOcean Volumes Block Storage + Managed Postgres||Application: A Ghost CMS 1-click app running on a Droplet|
|Critical data: What should you back up?||Volumes: Snapshots or File backup. Postgres: DB backup. Local volume: File backup. Droplet: Snapshots.||Application: Ghost CMS. MySQL: DB backup. Local volume: File backup.|
|How much data can you afford to lose?||Customer and order data (Postgres): Cannot afford to lose. Volume data: Can afford to lose a few hours. NodeJS and application configuration: Can rebuild from git, if lost.||Blogs (typically posted a few times a day): Can afford to lose a few hours. MySQL: Cannot afford to lose.|
|RPO - Recovery point objective. How often should you back up?||Postgres: Full backup for point-in-time recovery. Volume: Every 4 hours. Application file system: Every 4 hours. Droplet: weekly||MySQL: Full backup for point-in-time recovery. Ghost CMS Application backup: Every 8 hours.|
|Retention - How long should you store the copies?||Postgres: 3 months. Volume and Application file system: 1 month. Droplet: 1 week.||MySQL: 1 month. Ghost CMS backup: 1 week.|
|RTO - Recovery time objective. How do you test restore?||Once a week: test by restoring the backup DB and applications into a staging domain.||Once a month: test by restoring Ghost CMS app backup into a staging domain.|
|Should there be multiple backup locations?||Yes||Locally download the backup once in a while. It is not mandatory for the site to be up in case of a disaster.|
|Locally download the backup once in a while. It is not mandatory for the site to be up in case of a disaster.||Yes. It is a requirement for the site to be operational within 10 min.||Optional.|
|Do the backups need to be encrypted?||Yes. It is a security resource to ensure that access to sensitive information is not compromised in any way.||No.|
|Summary of backup strategy||3 months of DB, 1 month of volume/file, 1 week of Droplet backup. Recovery point objective (RPO): No loss of database, 4 hours for files. Recovery time objective (RTO): 10 min to get the site up and running from backup. Secure backup. Replicate backup to 2nd region. Disaster recovery: 10min to get the site up and running.||1 month of DB, 1 week of application back. Recovery point objective (RPO): 8 hours. Recovery time objective (RTO): 1 day.|
While the above is just an example, note how business need and the criticality of the data changes the backup strategy.
There are several types of backups that SMBs should consider, including:
Application backup: This type of backup is used to backup specific applications such as databases or CMS. Backups are stored in object stores (Spaces/S3).
File backup: This type of backup is used to backup specific files or folders. It can be full backup or incremental. Backups are stored in object stores (Spaces/S3).
Virtual Machine (Droplet) backup: This type of backup is used to backup entire Droplets. It uses the snapshots to take point-in-time backup. Backups are stored in NAS storage.
Volume backup: This type of backup is used to backup entire volumes of data, such as a DigitalOcean Volume or a partition. It uses the snapshots to take point-in-time backup. Backups are stored in block storage.
We recommend a hybrid backup strategy depending on your application. Some scenarios will make it obvious. For example:
Say you upgraded your application, and something went wrong. In this case, reverting back to the previous version of the application backup is a better/faster solution.
You want to migrate your application to another region. You can plan to restore the entire virtual machine from the backup for a simpler migration.
You deleted a specific folder by mistake. In this case, you can restore the folder from the backup in minutes.
File and application backups are low-overhead and can be taken frequently. The restore operation is faster because you are restoring a subset of the entire system, and can be tied to the application version. You can also take advantage of low cost and S3 replication to create multiple copies of the backup. For most SMBs, we recommend adopting a hybrid backup plan, starting with files and applications.
SMBs and startups should have a backup plan or strategy in place, and review and update that document time-to-time. Tools such as SnapShooter, a backup and recovery solutions provider recently acquired by DigitalOcean, can help startups easily set up regular backups.
We recommend the following best practices:
Regularly test and verify backups: Regularly test and verify backups to ensure that they can be successfully restored. Automate this solution, or have a step-by-step document.
Store backups in multiple locations: For files and applications backup, this can be done using S3 replication or creating separate jobs for backing up to different destinations.
Encrypt backups: Encrypt backups to protect against data breaches. This can help ensure that your data is protected even if it falls into the wrong hands. With the use of encryption keys in SnapShooter, you get one key to Lock the backup and one to Unlock the backup. Locking keys can be provided without any worries about them being harmful, but Unlock keys should be kept private (i.e. a USB drive for limited physical access) so only the backup owner can access its contents.
Have a disaster recovery plan in place: Have a disaster recovery plan in place that details how you will restore your systems and data in the event of a disaster. Disaster recovery is different from simple restore in that you lose access to the entire datacenter/region.
Use an automated backup solution: A multi-product, multi-cloud backup solution can serve as a single pane-of-glass for all your backup needs.
SnapShooter enables users to back up their files, apps, and databases from DigitalOcean and other cloud providers. It also supports popular apps such as Laravel and WordPress, and databases including MongoDB, MySQL, and PostgreSQL. Comprehensive backups can be taken daily, weekly, and monthly from server backups, or up to every 5 minutes for file backup.
Key features of SnapShooter include:
Backup files, servers, apps, and databases from multiple providers
Quickly restore a previous version of a file or multiple files
Granular backups with the ability to choose what folders to back up
Choose your backup frequency, and see when backups were run
Customize your backup settings and retention policies
Replicate the snapshots across another region for disaster recovery
Get real-time logs and monitoring
Stay secure and compliant with 2-factor authentication and secure encryption
Use your own storage, including DigitalOcean Spaces, AWS S3, Filebase, and other systems, or use SnapShooter’s S3-compatible storage
Get email and slack alerts of backups
July 26, 2023•3 min read
July 10, 2023•3 min read
May 25, 2023•3 min read